tl;dr

• Capturing the flag id through redos attack in /search endpoint
• XSS in /uuid/noteid/raw and HTML injection in /uuid/noteid
• CSP frame-src bypass through server side redirect